@@ -0,0 +1,56 | |||
|
1 | # | |
|
2 | # Setup fstab and initramfs | |
|
3 | # | |
|
4 | ||
|
5 | # Load utility functions | |
|
6 | . ./functions.sh | |
|
7 | ||
|
8 | # Install and setup fstab | |
|
9 | install_readonly files/mount/fstab "${ETC_DIR}/fstab" | |
|
10 | ||
|
11 | # Add usb/sda disk root partition to fstab | |
|
12 | if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then | |
|
13 | sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab" | |
|
14 | fi | |
|
15 | ||
|
16 | # Add encrypted root partition to fstab and crypttab | |
|
17 | if [ "$ENABLE_CRYPTFS" = true ] ; then | |
|
18 | # Replace fstab root partition with encrypted partition mapping | |
|
19 | sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab" | |
|
20 | ||
|
21 | # Add encrypted partition to crypttab and fstab | |
|
22 | install_readonly files/mount/crypttab "${ETC_DIR}/crypttab" | |
|
23 | echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks" >> "${ETC_DIR}/crypttab" | |
|
24 | ||
|
25 | if [ "$ENABLE_SPLITFS" = true ] ; then | |
|
26 | # Add usb/sda disk to crypttab | |
|
27 | sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab" | |
|
28 | fi | |
|
29 | fi | |
|
30 | ||
|
31 | # Generate initramfs file | |
|
32 | if [ "$BUILD_KERNEL" = true ] && [ "$ENABLE_INITRAMFS" = true ] ; then | |
|
33 | if [ "$ENABLE_CRYPTFS" = true ] ; then | |
|
34 | # Include initramfs scripts to auto expand encrypted root partition | |
|
35 | if [ "$EXPANDROOT" = true ] ; then | |
|
36 | install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs" | |
|
37 | install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount" | |
|
38 | install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools" | |
|
39 | fi | |
|
40 | ||
|
41 | # Disable SSHD inside initramfs | |
|
42 | printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf" | |
|
43 | ||
|
44 | # Dummy mapping required by mkinitramfs | |
|
45 | echo "0 1 crypt $(echo ${CRYPTFS_CIPHER} | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}" | |
|
46 | ||
|
47 | # Generate initramfs with encrypted root partition support | |
|
48 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" | |
|
49 | ||
|
50 | # Remove dummy mapping | |
|
51 | chroot_exec cryptsetup close "${CRYPTFS_MAPPING}" | |
|
52 | else | |
|
53 | # Generate initramfs without encrypted root partition support | |
|
54 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" | |
|
55 | fi | |
|
56 | fi |
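Review bot: The initramfs block on new line 32 is now gated on `BUILD_KERNEL`, while the fstab/crypttab rewrite on new lines 17-29 still runs whenever `ENABLE_CRYPTFS` is true. A build with `BUILD_KERNEL=false` and `ENABLE_CRYPTFS=true` would therefore get a root entry pointing at `/dev/mapper/${CRYPTFS_MAPPING}` but no initramfs able to unlock it, and the `DROPBEAR=n` line would be skipped as well. Unless an earlier stage already rejects that combination (not visible here), I would fail early with a guard such as `if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" != true ] ; then echo "error: ENABLE_CRYPTFS requires BUILD_KERNEL" >&2 ; exit 1 ; fi`. Separately, on new line 45 `${CRYPTFS_CIPHER}` is expanded unquoted, and the dummy mapping is closed only on the success path, so a failing `mkinitramfs` may leave it in place. Quoting it as `"${CRYPTFS_CIPHER}"` and closing the mapping from a `trap` would cover both.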
@@ -354,7 +354,8 The functions of this script that are required for the different stages of the b | |||
|
354 | 354 | | `11-apt.sh` | Setup APT repositories | |
|
355 | 355 | | `12-locale.sh` | Setup Locales and keyboard settings | |
|
356 | 356 | | `13-kernel.sh` | Build and install RPi2/3 Kernel | |
|
357 | | `14-rpi-config.sh` | Setup RPi2/3 config and cmdline | | |
|
357 | | `14-fstab.sh` | Setup fstab and initramfs | | |
|
358 | | `15-rpi-config.sh` | Setup RPi2/3 config and cmdline | | |
|
358 | 359 | | `20-networking.sh` | Setup Networking | |
|
359 | 360 | | `21-firewall.sh` | Setup Firewall | |
|
360 | 361 | | `30-security.sh` | Setup Users and Security settings | |
@@ -135,6 +135,10 if [ "$BUILD_KERNEL" = true ] ; then | |||
|
135 | 135 | rm -fr "${KERNEL_DIR}" |
|
136 | 136 | else |
|
137 | 137 | make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare |
|
138 | ||
|
139 | # Create symlinks for kernel modules | |
|
140 | ln -sf "${KERNEL_DIR}" "${R}/lib/modules/${KERNEL_VERSION}/build" | |
|
141 | ln -sf "${KERNEL_DIR}" "${R}/lib/modules/${KERNEL_VERSION}/source" | |
|
138 | 142 | fi |
|
139 | 143 | |
|
140 | 144 | else # BUILD_KERNEL=false |
@@ -154,57 +158,3 else # BUILD_KERNEL=false | |||
|
154 | 158 | # Copy vmlinuz kernel to the boot directory |
|
155 | 159 | install_readonly "${VMLINUZ}" "${BOOT_DIR}/${KERNEL_IMAGE}" |
|
156 | 160 | fi |
|
157 | ||
|
158 | # Create symlinks for kernel modules | |
|
159 | ln -sf "${KERNEL_DIR}" "${R}/lib/modules/${KERNEL_VERSION}/build" | |
|
160 | ln -sf "${KERNEL_DIR}" "${R}/lib/modules/${KERNEL_VERSION}/source" | |
|
161 | ||
|
162 | # Install and setup fstab | |
|
163 | install_readonly files/mount/fstab "${ETC_DIR}/fstab" | |
|
164 | ||
|
165 | # Add usb/sda disk root partition to fstab | |
|
166 | if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then | |
|
167 | sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab" | |
|
168 | fi | |
|
169 | ||
|
170 | # Add encrypted root partition to fstab and crypttab | |
|
171 | if [ "$ENABLE_CRYPTFS" = true ] ; then | |
|
172 | # Replace fstab root partition with encrypted partition mapping | |
|
173 | sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab" | |
|
174 | ||
|
175 | # Add encrypted partition to crypttab and fstab | |
|
176 | install_readonly files/mount/crypttab "${ETC_DIR}/crypttab" | |
|
177 | echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks" >> "${ETC_DIR}/crypttab" | |
|
178 | ||
|
179 | if [ "$ENABLE_SPLITFS" = true ] ; then | |
|
180 | # Add usb/sda disk to crypttab | |
|
181 | sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab" | |
|
182 | fi | |
|
183 | fi | |
|
184 | ||
|
185 | # Generate initramfs file | |
|
186 | if [ "$ENABLE_INITRAMFS" = true ] ; then | |
|
187 | if [ "$ENABLE_CRYPTFS" = true ] ; then | |
|
188 | # Include initramfs scripts to auto expand encrypted root partition | |
|
189 | if [ "$EXPANDROOT" = true ] ; then | |
|
190 | install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs" | |
|
191 | install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount" | |
|
192 | install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools" | |
|
193 | fi | |
|
194 | ||
|
195 | # Disable SSHD inside initramfs | |
|
196 | printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf" | |
|
197 | ||
|
198 | # Dummy mapping required by mkinitramfs | |
|
199 | echo "0 1 crypt $(echo ${CRYPTFS_CIPHER} | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}" | |
|
200 | ||
|
201 | # Generate initramfs with encrypted root partition support | |
|
202 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" | |
|
203 | ||
|
204 | # Remove dummy mapping | |
|
205 | chroot_exec cryptsetup close "${CRYPTFS_MAPPING}" | |
|
206 | else | |
|
207 | # Generate initramfs without encrypted root partition support | |
|
208 | chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" | |
|
209 | fi | |
|
210 | fi |
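Review bot: `ln -sf` on new lines 140-141 follows an existing destination that is a symlink to a directory. If `build` or `source` already exist under `${R}/lib/modules/${KERNEL_VERSION}` (a kernel `modules_install` usually creates them; that step is not visible in this hunk), the new link is created inside the kernel tree instead of replacing the old one. `ln -sfn "${KERNEL_DIR}" "${R}/lib/modules/${KERNEL_VERSION}/build"`, and the same for `source`, replaces the link itself. It is also worth a comment stating whether `${KERNEL_DIR}` is a path that is valid inside the image, since the link target is written verbatim and a build-host path would dangle on the device. The enclosing `if`/`else` starts above the hunk.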
|
1 | NO CONTENT: file renamed from bootstrap.d/14-rpi-config.sh to bootstrap.d/15-rpi-config.sh |